4 matches found
CVE-2018-1000656
Summary (CVE-2018-1000656): The Flask component of the Pallets Project (Python) prior to 0.12.3 contains a CWE-20 Improper Input Validation vulnerability that can cause excessive memory usage, potentially leading to denial of service. The documented attack vector involves attackers sending JSON da...
CVE-2023-30861
Flask vulnerability CVE-2023-30861 arises when a response cached by a proxy may include data for one client and be served to others, potentially leaking a session cookie. Root cause: Flask previously only set the Vary: Cookie header when the session was accessed or modified, not when it was refr...
CVE-2019-1010083
CVE-2019-1010083 affects the Pallets Project Flask before 1.0, where crafted encoded JSON data can cause unexpected memory usage leading to denial of service. The fix is upgrading to Flask 1.0 (or later). This entry may overlap with CVE-2018-1000656 per multiple sources.
CVE-2026-27205
CVE-2026-27205 – Flask cache-related information disclosure (root cause: Vary: Cookie not set when session accessed). Affected: Flask 3.1.2 and below. In these versions, accessing the session object may cause a response to be cached with user-specific data, as the Vary: Cookie header is not consis...